Consider, for instance, an e-mail client that for whatever reason requires obtaining a password. Should the dialog be part of an existing, probably sovereign posture, window? Or should it pop up? Equivalently, on a webapp, should it switch to a different page or use the current one.

As I see it, the disadvantages of pop-ups are that they are pop-ups(!) and breaks the association with the rest of the app.

The pop-up solutions seems the most popular solution. Even my VPN client I have to open a small dialog and then push a button to get the password prompt.

Examples of inline prompts are more limited. Some webapps, such as Twitter, slide open a dialog (even with http - grr). PuTTY prompts for SSH passwords in the terminal window, although here the motivation may be uniformity with telnet (where the protocol does not deal with passwords).

3 Answers
3

Twitter belongs to the first - you can see top tweets, users' profiles and so forth without logging in at all. Hence, it makes no sense to block the user with a pop-up or force a login on a separate page.

Email clients don't show anything of the emails before the user has logged in and hence are devoting a whole page for the login process.

In short - it depends whether the user should interact with the rest of the data on the page or not.

Your question takes a more interesting turn if the user is already logged in and has to be prompted again (see the linked question Rahul pointed to). Then it also depends if the user can safely interact with the data without logging in.
In most cases it makes sense to interrupt the user, in which case the pop-up works best.

Thunderbird at least shows me a list of messages before logging in. I can't think of ever using a mail client that has not. Thunderbird also shows the sovereign window if you haven't set up any accounts.
–
Tom Hawtin - tacklineAug 24 '10 at 13:23

Hmm... I was actually referring to a web email client. Most of the desktop ones don't require a password with each launch (I might be mistaken, but that's how the Outlook works in my environment).
–
Dan BarakAug 24 '10 at 13:41

desktop client email programs will depend on if they are saving credentials or using integrated auth, etc, though.
–
John GardnerAug 24 '10 at 21:48

Look at the stackexchange family of sites. Because of the support of many different authorization providers, there is an entire page dedicated to logging in. There's simply no way the richness of the authentication scheme can be conveyed in a simple set of login prompts.

For simpler schemes, not breaking the user's flow of action to login may be preferrable, so you have sites like fileplanet where the login is at the top and seamless with the page.

Dialogs, or pop-ups, should really only be used to display quick bits of information to a user that require a rather simple action -- Yes, No, Cancel, Close, etc; a user should never be required to interact with them in any manner beyond that.